Minnesota Sheriff Must Release Emails on Police Use of Biometric Technology

When EFF launched a campaign last year to encourage the public to help us uncover police use of biometric technology, we weren’t sure what to expect. Within a few weeks, however, hundreds of people joined us in filing public records requests around the country.

Ultimately, dozens of local government agencies responded with documents revealing devices capable of digital fingerprinting and facial recognition, while many more reported back—sometimes erroneously—that they hadn’t used this technology at all. Several, however, either didn’t respond, demanded exorbitant fees, or outright rejected the requests.

EFF has now joined the ACLU of Minnesota in filing an amicus brief [.pdf] in a particularly egregious case now before the Minnesota Court of Appeals, demanding the release of emails regarding the Hennepin County Sheriff Office’s facial recognition program.

In August 2016, web engineer and public records researcher Tony Webster filed a request based on EFF’s letter template with Hennepin County, a jurisdiction that includes Minneapolis, host city of the 2018 Super Bowl. He sought emails, contracts, and other records related to the use of technology that can scan and recognize fingerprints, faces, irises, and other forms of biometrics.

In an April 22 order, Administrative Law Judge Jim Mortenson described four months of unexplained delays, improperly redacted records, inadequate answers and other behavior by county officials in response to Webster’s request.

The county’s actions violated the Minnesota Government Data Practices Act (MGDPA), Mortenson found. He fined the county $300, the maximum allowed by law; ordered it to pay up to $5,000 in Webster’s attorney’s fees; refund $950 of the filing fee, and pay $1,000 in court costs.

Perhaps most significant, he ordered the county to figure out a way to make its millions of e-mail messages publicly accessible by June 1.

It was a huge victory for Webster. But Hennepin County appealed, and thus a skirmish over biometric records has become a crucial battleground over the public’s right to access the emails of government officials across the state of Minnesota.

Biometric technology is an emerging threat to privacy. By biometrics, we mean the physical and behavioral characteristics that make us unique, such as our fingerprints, faces, irises and retinas, tattoos, gaits, and more. Police around the country have begun adopting and testing these systems. The devices are often mobile, such as handheld devices or smart phone apps.

Some emails that Webster already received show that the Hennepin County Sheriff’s office is contemplating using facial recognition technology on still images in investigations. Even more concerning, there’s evidence that in the next two years the sheriff intends to use real-time facial recognition to identify people in surveillance cameras streams, including those owned by private entities.

The records obtained show that jail inmates had their mugshots enrolled in a system designed by the German form Cognitec. One particular email showed how the $200,000 system poses a threat to the privacy of individuals not involved in crimes and presents a significant financial burden on taxpayers. As a criminal informational analyst with the Hennepin County Sheriff’s Office wrote:

“[The] system is so good I’ve found possible matches that turned out to be close relatives…It costs a shit-ton … but I love it.”

In our brief, we draw from the wealth of records EFF, and our partners at MuckRock News, received through the crowdsourcing campaign to explain why these emails are key to informing the public debate over mobile biometrics.

Using the documents released in response to these requests, EFF has been able to report on nine agencies using biometric technology in California. The documents revealed that most of the agencies are using digital fingerprinting devices, and many are also using iris, palm, and facial recognition technology, or plan to use them in the future. One of EFF’s partner organizations used these same records to map the ties between the biometric contractors mentioned in the documents and firms in the defense and security industries that are deeply embedded in the national security apparatus. EFF is continuing to review records released by other agencies.

The brief also explains how emails often contain some of the most important information:

Emails released to other requesters have been equally revealing. For example, emails released by Miami-Dade County, Florida showed how MorphoTrak, a large biometrics vendor serving forty-two states’ DMVs and many federal agencies, underpriced the devices in its invoices but increased the price later. Emails between the Phoenix, Arizona Police Department and its vendor revealed information about the sole-source procurement process. And emails released by the Polk County, Florida Sheriff’s Office describe the timeline for installing biometrics devices in squad cars and outline the training process for using the devices.

EFF hopes the appellate judges recognize that democracy functions best when the public debate is informed by government records and deny Hennepin County’s attempts to shield its plans from scrutiny.